From 64c462c8ad6d54d26c15b97ccc115b2cda6dc3aa Mon Sep 17 00:00:00 2001 From: Anis Kadri Date: Fri, 13 Jan 2012 17:29:46 -0800 Subject: [PATCH] fixing whitelist handling --- framework/src/com/phonegap/DroidGap.java | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/framework/src/com/phonegap/DroidGap.java b/framework/src/com/phonegap/DroidGap.java index 2eee859b..fdf61b75 100755 --- a/framework/src/com/phonegap/DroidGap.java +++ b/framework/src/com/phonegap/DroidGap.java @@ -1904,24 +1904,24 @@ public class DroidGap extends PhonegapActivity { // Unlimited access to network resources if(origin.compareTo("*") == 0) { LOG.d(TAG, "Unlimited access to network resources"); - whiteList.add(Pattern.compile("*")); + whiteList.add(Pattern.compile(".*")); } else { // specific access // check if subdomains should be included // TODO: we should not add more domains if * has already been added if (subdomains) { // XXX making it stupid friendly for people who forget to include protocol/SSL if(origin.startsWith("http")) { - whiteList.add(Pattern.compile(origin.replaceFirst("https{0,1}://", "^https{0,1}://.*"))); + whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://(.*\\.)?"))); } else { - whiteList.add(Pattern.compile("^https{0,1}://.*"+origin)); + whiteList.add(Pattern.compile("^https?://(.*\\.)?"+origin)); } LOG.d(TAG, "Origin to allow with subdomains: %s", origin); } else { // XXX making it stupid friendly for people who forget to include protocol/SSL if(origin.startsWith("http")) { - whiteList.add(Pattern.compile(origin.replaceFirst("https{0,1}://", "^https{0,1}://"))); + whiteList.add(Pattern.compile(origin.replaceFirst("https?://", "^https?://"))); } else { - whiteList.add(Pattern.compile("^https{0,1}://"+origin)); + whiteList.add(Pattern.compile("^https?://"+origin)); } LOG.d(TAG, "Origin to allow: %s", origin); }